Ruby · Ruby · CVE-2020-10933
**Name of the Vulnerable Software and Affected Versions**
Ruby versions 2.5.x through 2.5.7
Ruby versions 2.6.x through 2.6.5
Ruby version 2.7.0
**Description**
A heap exposure issue in Ruby may disclose potentially sensitive data from the interpreter's memory. It occurs when `BasicSocket#read_nonblock` is called with the `exception: false` parameter: the destination buffer is resized without the read data being copied into it, so the caller receives whatever previously occupied that heap memory. The vulnerability stems from insufficient protection of internal data and may allow a remote attacker to gain unauthorized access to protected information.
**Recommendations**
For Ruby versions 2.5.x through 2.5.7, consider disabling the `BasicSocket#read_nonblock` function until a patch is available.
For Ruby versions 2.6.x through 2.6.5, consider disabling the `BasicSocket#read_nonblock` function until a patch is available.
For Ruby version 2.7.0, consider disabling the `BasicSocket#read_nonblock` function until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
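As an added example (not part of this advisory and not Ruby's own code), the following encodes the affected version ranges listed above as a check, and pairs it with a non-blocking read helper that relies on the exception-raising form of `read_nonblock` rather than the `exception: false` form the description identifies as the trigger. The helper names and the UNIX socket pair used to exercise it are assumptions made for this example.

```ruby
require 'socket'
require 'rubygems'

# Affected version ranges exactly as listed in the advisory above.
AFFECTED_RANGES = [
  [Gem::Version.new('2.5.0'), Gem::Version.new('2.5.7')],
  [Gem::Version.new('2.6.0'), Gem::Version.new('2.6.5')],
  [Gem::Version.new('2.7.0'), Gem::Version.new('2.7.0')]
].freeze

# True when the given interpreter version falls inside an affected range.
# Defaults to the running interpreter so it can gate a startup check.
def affected_ruby_version?(version = RUBY_VERSION)
  v = Gem::Version.new(version)
  AFFECTED_RANGES.any? { |lo, hi| v >= lo && v <= hi }
end

# Non-blocking read that deliberately avoids `exception: false` (the code
# path described in the advisory). Instead the exception-raising form is
# used and the two non-error outcomes are mapped to values:
#   - String          data was read
#   - :wait_readable  nothing pending yet (caller should IO.select and retry)
#   - nil             peer closed the connection (EOF)
def safe_read_nonblock(sock, maxlen)
  sock.read_nonblock(maxlen)
rescue IO::WaitReadable
  :wait_readable
rescue EOFError
  nil
end

# Small self-contained demonstration over a constructed UNIX socket pair.
def demo
  reader, writer = Socket.pair(:UNIX, :STREAM)
  writer.write('hello')
  first = safe_read_nonblock(reader, 1024)   # "hello"
  second = safe_read_nonblock(reader, 1024)  # :wait_readable
  writer.close
  third = safe_read_nonblock(reader, 1024)   # nil (EOF)
  reader.close
  [first, second, third]
end

if affected_ruby_version?
  warn "Ruby #{RUBY_VERSION} is in an affected range for CVE-2020-10933"
end
```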